NetFort Resources

Network Forensics - Get Realtime and Historical Information

“With some of the LANGuardian competitors it seems like you need 5 employees with master's degrees to get them working. LANGuardian is not that way and does not consume employee resources.” CISO, City National Bank

Network packet analysis, storage of historical network events, and comprehensive analytical capabilities make LANGuardian the ideal solution to your network forensics requirements. When you need to analyze an incident or respond to a request for information about network activity, LANGuardian provides all the details you need.

Firewalls, content filters, and anti-virus software can help to protect a network by blocking certain types of traffic, but it’s inevitable that breaches will occur. Advanced persistent threats are the most sinister breaches and receive the most publicity, but the most common breaches arise from misconfigured systems and deliberate or unwitting misuse of the network by authorized users. These breaches are often difficult, even impossible, to detect using real-time monitoring tools. However, with network forensics you can identify patterns of behavior that you cannot identify from real-time data alone.

LANGuardian Network Forensics

The network forensics features of LANGuardian are extremely easy to use. You simply enter an IP address (subnets are also supported) or a username, then click Go. LANGuardian returns a page showing a summary of all information relating to the IP address or username you entered. You can then drill down into the details to investigate further, ultimately to the level of individual data flows.

LANGuardian is able to provide this information because it continuously captures the traffic flowing through your switch and records details of all network events in the LANGuardian database, where the data is optimized for speedy retrieval. The amount of traffic LANGuardian can store is limited only by the amount of storage space available. Automatic and manual archiving ensures you never run out of space to capture new events.

LANGuardian Custom Reports and Trends

When you have created a report that provides the information you need (for example, the amount of traffic to and from youtube.com over the previous 24 hours), you can save the report and run it again at any time. You can use wildcards and regular expressions in the report criteria. You can view reports interactively or receive them in email or PDF format, and you can schedule them to run at any time.

LANGuardian trends are reports that run at specified intervals and store the data in the LANGuardian database, enabling you to display a graph of how the report output changes over time. With trends, you can identify anomalies in traffic levels and user behavior that you could not easily identify from reports.

How to buy

We offer perpetual and subscription LANGuardian licenses based on the number of users on your network and the number of sensors you want to deploy. Specialized features are provided as optional modules, so you do not pay for them if you do not need them.